February 3, 2024


Hello all,

Two weeks ago, I wrote that if you can’t immediately mitigate Ivanti VPN vulnerabilities, shut it off. It would appear that I was rather prophetic. More on that momentarily. The Federal Bureau of Investigation (FBI) revealed that they are outnumbered 50 to 1 by China’s hacker army, and that much of our OT infrastructure is likely compromised. Thankfully, the FBI did reveal some positive news about successes against some of the dirt-bags out there. So, let’s get to the actual news items themselves.

The volume of news can appear overwhelming; the best strategy is to read the Notable Callouts below, then skim the full list of linked news item titles that follow for things that pertain to you or your environment or simply interest you, and select those for more information. So, let’s get to it. And don’t forget, our site, https://red-n-security.com, also has searchable archives of past newsletters.

Notable Callouts:

  • AnyDesk, makers of remote-control software, announced that their production servers were breached, and source code was stolen. Huntress Labs has revealed that AnyDesk’s code-signing certificate was likely also stolen and AnyDesk subsequently had to reset it along with all passwords and access tokens. Monitor for rogue AnyDesk installations in your environments and if you legitimately use AnyDesk, update to version 8.0.8 as soon as possible so that you’re running the new certificate.
  • Apple Vision Pro, which became available on Friday, received its first patch for a zero-day vulnerability even before hitting retail shelves. It was for a WebKit flaw that, if exploited, could have allowed malicious code to run on the device. If you’ve decided to splurge for this $3500 device, make sure that you apply updates immediately after unboxing it.
  • ChatGPT was in the news for leaking passwords from private conversations. OpenAI denies that their product is doing so and asserts that the items seen were due to users’ accounts being taken over and used to power an unsanctioned “pool of identities that an external community or proxy server uses to distribute free access.” It sounds plausible, until it doesn’t. We will need to wait and see. Meanwhile, if you don’t want it public, don’t ask an AI about it.
  • China has been in the cyber news quite a bit this past week. While there’s plenty of negative which you can read about in the linked articles, there is a positive report among the sea of scary ones. The FBI revealed that they’d disrupted the Chinese Volt Typhoon botnet of compromised EOL Cisco and Netgear routers, effectively killing that particular evil proxy network. Score one for the good guys!
  • GitLab released updates for its Community Edition (CE) and Enterprise Edition (EE). The flaws are critical and should be patched immediately.
  • Ivanti has had another bad week. I’d recommended unplugging the VPN appliances two weeks ago. This week CISA gave government agencies until Saturday to “disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure solution products from agency networks”. Additionally, CISA ordered continued monitoring, for all agencies to assume compromise, and to double reset all credentials. Meanwhile, the exploitations continue as public and private sector companies struggle to keep up. More on that in a moment.
  • Juniper released “out-of-band updates to address high-severity flaws in SRX Series and EX Series that could be exploited by a threat actor to take control of susceptible systems.” The patches are for the J-Web component, which is in all versions of Junos OS. If you cannot immediately apply the update, Juniper does have mitigation guidance available.
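The AnyDesk callout above asks readers to hunt for rogue AnyDesk installations and confirm that sanctioned copies are on 8.0.8 with the new certificate. The script below is an added example written for this newsletter, not code from AnyDesk or from the articles linked here. It assumes AnyDesk registers under the standard Windows Uninstall registry keys, that portable copies may sit anywhere under Program Files, ProgramData or user profiles, and that you fill in the `$KnownGoodThumbprint` placeholder with the thumbprint you read off a copy of 8.0.8 you trust; the newsletter does not give that value, so it is left as a placeholder.

```powershell
# Added example (not from the newsletter or AnyDesk): inventory AnyDesk on a Windows host,
# flag copies older than 8.0.8, and compare the Authenticode signer against a known-good
# thumbprint. Assumed: standard Uninstall keys, typical install/portable locations.

$MinimumVersion      = [version]'8.0.8'                      # version named in the callout
$KnownGoodThumbprint = '<THUMBPRINT-FROM-YOUR-VERIFIED-8.0.8-INSTALL>'   # placeholder, fill in

function Get-AnyDeskInventory {
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )

    # 1. Installs that registered an uninstall entry
    $registered = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'AnyDesk*' }

    # 2. Binaries on disk, including portable copies that never register (assumed search roots)
    $searchRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData, 'C:\Users') |
        Where-Object { $_ -and (Test-Path $_) }
    $binaries = Get-ChildItem -Path $searchRoots -Filter 'AnyDesk*.exe' -Recurse -File -ErrorAction SilentlyContinue

    # 3. Whether it is running right now
    $running = @(Get-Process -Name 'AnyDesk' -ErrorAction SilentlyContinue)

    foreach ($bin in $binaries) {
        $sig    = Get-AuthenticodeSignature -FilePath $bin.FullName
        $verStr = $bin.VersionInfo.ProductVersion
        $parsed = $null
        $findings = @()

        # Version check: anything below 8.0.8 is still on the pre-reset certificate
        if (-not [version]::TryParse(($verStr -replace '[^\d.].*$', ''), [ref]$parsed)) {
            $findings += 'unparseable version'
        } elseif ($parsed -lt $MinimumVersion) {
            $findings += "outdated ($verStr < $MinimumVersion)"
        }

        # Signature check: a valid signature alone is not enough after a certificate theft,
        # so also compare the signer thumbprint to the one you trust.
        if ($sig.Status -ne 'Valid') {
            $findings += "signature $($sig.Status)"
        } elseif ($KnownGoodThumbprint -notlike '<*' -and
                  $sig.SignerCertificate.Thumbprint -ne $KnownGoodThumbprint) {
            $findings += 'signer thumbprint differs from known-good'
        }

        # Unregistered copy = nobody installed it through a package you would track
        $isRegistered = $registered | Where-Object {
            $_.InstallLocation -and $bin.FullName.StartsWith($_.InstallLocation, 'OrdinalIgnoreCase')
        }
        if (-not $isRegistered) { $findings += 'not in Uninstall registry (portable/rogue?)' }

        [pscustomobject]@{
            Path       = $bin.FullName
            Version    = $verStr
            Signer     = $sig.SignerCertificate.Subject
            Thumbprint = $sig.SignerCertificate.Thumbprint
            Running    = ($running | Where-Object { $_.Path -eq $bin.FullName }) -ne $null
            Findings   = if ($findings) { $findings -join '; ' } else { 'OK' }
        }
    }
}

Get-AnyDeskInventory | Format-Table -AutoSize
```

Run it elevated so the HKLM keys and other users’ profiles are readable. Any row whose Findings column is not `OK` deserves a look: an outdated or differently-signed copy on a host where AnyDesk is not approved is exactly the rogue installation the callout warns about, and a valid signature by itself proves little once the signing certificate is believed stolen.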

In Ransomware, Malware, and Vulnerabilities News:

  • Ivanti warrants another mention here as well. There were more vulnerabilities found this week, and Ivanti has been reported to be struggling to keep up with plugging the expanding list of holes. CISA reported that attackers are finding ways to bypass the mitigations Ivanti proffered. I’m sure this was a key factor in their “disconnect it” order.
  • Interpol shared some good news. In a massive joint operation named “Synergia”, it had taken down a 1,300-server network used for cybercrime such as ransomware, phishing, and malware distribution. 60 law enforcement agencies from 55 countries participated in the coordinated effort, which resulted in 70% of the C2 servers being taken down, with 31 people arrested and more arrests on the way. Thank you, cyber-warriors!

In Other News Events of Note and Interest:

  • Floppy disks are still a thing in Japan until officials can comb through and change all of the assorted laws and regulations that stipulate specific media, namely floppies or CDs, for use in official reporting. Do you even have a way to read a floppy anymore?
  • Starlink is transmitting 42 million GB of data daily! In a fascinating article you’ll see how they accomplish this with lasers in space, creating a mesh network. Truly amazing!

In Cyber Insurance News:

  • Why Businesses Switch Cyber Insurance: forty-eight percent of those surveyed changed insurance in 2023.

Gone are the good old days of simply using a computer, unless you never connect it to another network or receive any form of media from someone else, and unless you use your computer from inside a soundproof Faraday cage. In this free-wheeling cybercrime age, everything is suspect, and rightly should be. Threat actors can even steal your information by listening to how you type on the keyboard, and can read your screen by interpreting electromagnetic signals captured from the air. So, do we give up? Of course not! Our digital tools have elevated our livelihoods and global culture to incredible heights that even a few decades ago would have been unimaginable. It is good to note that the hacks mentioned above are currently very sophisticated stuff that require far more resources than the average hacker can muster. That being said, the “everything is suspect” mindset needs to be second nature in our interconnected and interdependent world. Even what you would consider to be trusted sources should be continually vetted. In the famous words of Ronald Reagan to Mikhail Gorbachev, quoting a Russian proverb, “Doveryai, no proveryai”, trust but verify. Keep the shields up.

Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News
